Before diving deep, the only people that should hold the keys to your church accounts should be a core team. That core team should probably be less than 5 people that are trusted and should probably have signed some type of employee handbook or contract about portraying the church’s image online.
How is your church or your church’s communication team sharing passwords right now? Are you sharing one password across the board? Sorry guys, having “John3:16” as your password isn’t as secure as you think.